Netgate Discussion Forum

    pfblocker defend rdp/rds brute force attacks

    • jogovogo

      Hello everybody,

      Somehow I can't make sense of the whole guide ...

      What is the easiest way to block an attack from IPv4 addresses? (Terminal with RDS)

      Inbound or outbound rules?

      For example, if I enable GeoIP blocking on a country-by-country basis, Outlook (Exchange Online) will stop working.

      I think because the MS servers are partly in the USA ...

      Does anyone have a simple idea?

      Many thanks in advance!

      • KOM

        You can either whitelist only those addresses that are allowed in, or you can put it all behind a VPN. I always try to avoid hanging services out on the Internet.

        • jogovogo

          Hi,

          We already had that.

          VPN is not comfortable for the user.
          The connection takes place via PC / mobile / etc. devices.

          These usually get a new IP every 4-24 hours and there are many external users ...

          It's about the connection from the internet.
          I assumed that you can use this add-on for exactly such a scenario. I just can't figure out how.

          We have an RDS blocker on the servers themselves, behind pfSense.

          • KOM

            Snort or Suricata will try to catch exploits as they enter your network. I don't use them so don't ask me how to configure. Other than that there isn't much you can do from a pfSense perspective.

            • chpalmer

              Security through obscurity.. (if you believe that..)

              Use a different port number. That will keep some of it down.

              Triggering snowflakes one by one..
              Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.